IT Security News Daily Summary 2022-10-19

• Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control

• Software Patch Management Policy Best Practices

• New PHP Malware Distributed as Cracked Microsoft Office Apps, Telegram, & Others

• RedHat: RHSA-2022-6905:01 Important: OpenShift Container Platform 4.9.50

• RedHat: RHSA-2022-7055:01 Moderate: RHOSDT 2.6.0 operator/operand containers

• RedHat: RHSA-2022-7044:01 Moderate: rh-nodejs14-nodejs security update

• Report: 69% of orgs report multicloud security configurations led to data breaches or exposures

• DOD looks to update AI workforce contract

• L3Harris wants to add drone data streams to night vision goggles

• Drug data center takes on opioid crisis

• Google looks to simplify mainframe-to-cloud migration

• How to enable end-to-end encryption for Facebook Messenger chats

• Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

• Better Regulating Drone Use Requires Communication, Not Surveillance

• ACS Technologies selects Curity to provide seamless authentication across its end-user products

• White House looks to advance cyber safety labeling effort with ‘initial scope’ next spring

• Why community health centers are betting on data collection to advance health equity

• 5 steps to protect your school from cyberattacks

• Spanish ISPs Fall Short of Robust Commitments to User Privacy in New Eticas’ Report

• How Businesses Can Prevent and Mitigate Ransomware Threats

• Researchers: Office 365 Encryption Flaw Compromise Message Confidentiality

• Debian: DSA-5259-1: firefox-esr security update

• True Security Requires a Holistic Approach

• 2022 Forrester Wave™: Enterprise Firewalls – We’re a Leader

• Exabeam launches upgraded SIEM platform built for cloud, new threats

• Gartner predicts increase in IT spending despite economy — highlights new trends

• Tech woes still trouble OPM, watchdog says

• Biden touts launch of student loan forgiveness website

• Protect elections by prioritizing public awareness of cyber defenses

• Public safety cybersecurity slowly ramps up

• Gartner: IT force multipliers for sustainable growth, cyber resiliency and responsible investment

• Asana launches enterprise-level workplace tools for prioritization and planning

• Dangerous hole in Apache Commons Text – like Log4Shell all over again

• Cybersecurity’s Hiring Spree Requires a Recruiting Rethink

• Security Awareness Urged to Grow Beyond Compliance

• A week in security (October 10 – 16)

• Ex-WSJ reporter says he was framed in elaborate ‘hack-and-smear’ operation

• 2022 Forrester Wave™: Enterprise Firewalls – We’re a Leader

• How to manage risks and increase value in a merger

• Postal Service honors women cryptologists of WWII with new stamp

• Consumers care about their data: Learn how to automate privacy and compliance efforts

• Top IT security manager interview questions

• Top 10 pen testing interview questions with answers

• How to manage and reduce secret sprawl

• (ISC)² Collaborates with KISA to Strengthen Cybersecurity Professional Development in Emerging Economies

• Google Shopping Competitors Demand Antitrust Rework

• SUSE: 2022:3655-1 important: buildah

• SUSE: 2022:3656-1 important: nodejs16

• Why cybersecurity starts in the C-suite

• New Amex ML model helps reduce account login fraud

• The future of federal telework demands secure remote access

• What is Fog Reveal? A legal scholar explains the app some police forces are using to track people without a warrant

• How one agency’s cloud migration smoothed the path for others

• New ‘Black Lotus’ UEFI Rootkit Provides APT-Level Capabilities

• Zoom for macOS Contains High-Risk Security Flaw

• Zimbra Patches Under-Attack Code Execution Bug

• Fashion brand SHEIN fined $1.9m for lying about data breach

• NetSPI Lands $410 Million in Funding – And Other Notable Cybersecurity Deals

• New Research Report Predicts Blockchain and Quantum Threat Will Quickly Spread Beyond Cybercurrencies; Surge in New Product and Services Opportunities to Come

• Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware

• Signal to Ditch SMS/MMS Messaging on Android

• The Risk of Stateful Anti-Patterns in Enterprise Internet Architecture

• Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text

• Retail giant Woolworths discloses data breach of MyDeal online marketplace

• Everything You Ever Wanted to Know About Georgia Special Purpose Grand Juries But Were Afraid to Ask

• Global Coalition Calls on UK Foreign Secretary to Secure the Release of Salma al-Shehab

• Trust in The Future of Electronic Healthcare Data Management and Security

• Interpol busts global ‘Black Axe’ cyber-fraud suspects

• OpenAI : Students are Using AI Tools to Write Paper for Them

• MyDeal Data Breach: 2.2 Million Customers’ Details Exposed

• Setting Up The Digital Asset Security Standards To Protect Digital Data

• SSL Certificate: What It Is and How to Get One

• Choosing the Right Remote Access Solution for Your Linux Environment

• Mandiant launches Breach Analytics for Google’s Chronicle

• Scammers Targeting Those Seeking Student Loan Forgiveness

• DiceyF deploys GamePlayerFramework in online casino development studio

• Cybersecurity regulations: How do laws apply to your business?

• Xi Calls For China To ‘Win Battle’ On Core Tech

• Apple Halts Plans To Use Chinese Memory Chips

• Spain Opens Competition Probe Into Booking.com

• TikTok Competitor Triller Delves Into Metaverz

• Tensions With China Pose ‘Serious’ Challenges For Chip Sector, Says TSMC

• Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys

• Over 900 Servers Hacked Using a Critical Zimbra Zero-day Flaw

• SUSE: 2022:3661-1 important: php8

• SUSE: 2022:3660-1 moderate: qemu

• SUSE: 2022:3657-1 important: the Linux Kernel (Live Patch 15 for SLE 15 SP3)

• Linux 6.1 Features Include Initial Rust Code, MGLRU, New AMD CPU Features, More Security

• New Malicious Clicker found in apps installed by 20M+ users

• How to navigate marketing with a focus on data privacy and compliance

• Microsoft warns over unusual ransomware attacks

• Connecting to public Wi-Fi: Here’s how to protect your data and your device

• How to recover data from an old laptop if you’ve forgotten the password

• Linux dodges serious Wi-Fi security exploits

• What is hybrid cloud?

• 75 Arrested in Crackdown on West-African Cybercrime Gangs

• Fortinet Admits Many Devices Still Unprotected Against Exploited Vulnerability

• New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland

• Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers

• Women in Cryptology – USPS celebrates WW2 codebreakers

• Imprivata Expands Its Integrated Digital Identity Platform to Defragment Identities Across Disparate Applications

• 4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap

• Disinformation Attacks Threaten US Midterm Elections

• What Fast-Talkers Can Teach Us About Vetting Vendors

• Oracle Releases October 2022 Critical Patch Update

• New Prestige Ransomware Targeting Polish and Ukrainian Organizations

• Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter

• Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

• Making Merger and Acquisition Cybersecurity More Manageable

• New UEFI rootkit Black Lotus offered for sale at $5,000

• Hacking Automobile Keyless Entry Systems

• How Mudge Upended One Of The World’s Most Influential Social Networks

• Shein Owner Zoetop Fined $1.9m Over Data Breach Response

• Samsung Brings Blockchain Based Security To Smart Devices

• Equifax Surveilled 1,000 Remote Workers, Fired 24 Found Juggling Two Jobs

• Wrangling Warships: Russia’s Proposed Law on Northern Sea Route Navigation

• #ISC2Congress 2022: Highlighting the Need for Collaborative Defense

• Hacktivist’s Target Tata Power Company

• Cybersecurity Retail Risk Trends to Watch Now and in 2023

• Protecting Your Cloud Environments With Zero Trust

• Government’s role is to ‘seed the field’ of semiconductor workforce, experts say

• Apache Commons Vulnerability: Patch but Don’t Panic

• Four Big Reasons to Update Your Software

• Tata Power’s IT Infrastructure Hit by Cyberattack

• Ransomware Gang Tricked by Dutch National Police

• INTERPOL Arrests 75 Members of the Black Axe Cybercrime Ring

• Can Cloud Telephony Services with Military Grade Security Enable Organizations to Create High Brand Value?

• Understanding The True Financial Risk of Ransomware Attacks

• China-linked Budworm burrows hole in US legislature systems

• Hackers Mimic Google Translate to Launch Phishing Attacks

• Retail Giant Woolworths Discloses Data Breach Impacting Million MyDeal Customers

• New York, Amazon Settle Pandemic Protection Lawsuit

• Yield Monitor Integrates The DeFiChain Blockchain Into Its Database

• 2022 Forrester Wave™: Enterprise Firewalls – We’re a Leader

• Singapore wants citizens to arm up, take accountability for personal cyber hygiene

• 3 cloud security posture questions CISOs should answer

• Zscaler Advances Enterprise Data Security With Zero-Configuration Data Protection

• SBOMs: An Overhyped Concept That Won’t Secure Your Software Supply Chain

• Alaa Abd El Fattah Surpasses 200 Days of Hunger Strike as COP27 Summit Nears

• Millennials, Gen Z actually suck at workplace security

• Ransomware task force in Singapore

• Presidio Bolsters Comprehensive Cybersecurity Solutions with Active Response

• Cert-manager Graduates to CNCF Incubating Project

• Menlo Security: Most Consumers are Confident in Ability to Identify Threats, but Fail to Implement Basic Precautions

• ProArch, Nerdio and Rimo3 Join Forces to Help Enterprises Succeed with Highly Comprehensive Desktop-as-a-Service

• Musk To Continue Funding Starlink In Ukraine

• South Korea To Offer Blockchain-Based IDs

• Verizon Cyberattack – Prepaid Customers Data Exposed

• Ubuntu 5689-1: Perl vulnerability

• Ubuntu 5690-1: libXdmcp vulnerability

• Best Privacy & Security Tools For Linux

• Check Point named a Fast Mover in GigaOm’s Radar for Secure Service Access (SSA)

• Gartner research finds no single tool protects app security

• Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it

• Cybersecurity M&A Roundup for October 1-15, 2022

• Kaspersky Launches New VPN to Amplify Speed and Convenience

• CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

• Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

• Red Hat OpenShift security portfolio grows with new Red Hat Insights Vulnerability service

• Magniber Ransomware Is Targeting Home PC

• Mormon Church Hit By Cyberattack, Personal Data Exposed

• How To Establish And Maintain An Effective Physical Access Control Policy

• Telstra Diversity And Business Security

• In conversation with Chris Roberts, Business Development Manager at Fortinet

• Outpost24 research – GraceWrapper, TA505’s new threat to businesses

• Hackney Council Ransomware Attack Recovery Update Costing £12m+

• Global Cops Arrest Dozens Associated with Financial Crime Gang

• Chinese Cyberespionage Group Going After Telcos and IT Service Providers

• New PHP Malware Targets Business and Regular Facebook Accounts

• Do more with less—Discover the latest Microsoft Entra innovations

• #ISC2Congress 2022: Ian Bremmer – Is Technology the New World Order?

• #ISC2Congress 2022: Approach Cybersecurity as a Science

• PCI DSS v4.0

• Alarming attacks on Internet of Medical Things (IoMT)

• Netflix To Begin Password Crackdown In 2023

• pegged cryptocurrency

• The future of VPNs in the enterprise

• NSA Cybersecurity Director’s Six Takeaways From the War in Ukraine

• GroupSense Delivers New Ransomware Negotiation Training Service

• CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

• Enterprise-grade DDoS protection for SMBs now available in preview

• 6 Best Ways to Make a Collaborative PowerPoint Presentation

• New “Prestige” Ransomware Uses Remote Execution Utilities to Launch Destructive Attacks

• SUSE: 2022:3653-1 important: tcl

• SUSE: 2022:3654-1 important: amazon-ssm-agent

• Google Reveals Another Experimental Operating System: KataOS

• Caffeine makes phishing easy

• China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs

• DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer

• The Hunt for Wikipedia’s Disinformation Moles

• 10398871-1.v2 Zimbra October Update

• INTERPOL-led Operation Takes Down ‘Black Axe’ Cyber Crime Organization

• Researchers share of FabriXss bug impacting Azure Fabric Explorer

• Ransomware Targets Transportation Sectors In Ukraine, Poland

• Tear In Microsoft Azure Service Fabric Can Give Attackers Full Admin Privileges

• Phishing works so well crims won’t bother with deepfakes, says Sophos chap

• A Constant Battle Between Apple and Zero-Day Security Vulnerabilities

• Sophos: Hackers Avoid Deep Fakes as Phishing Attacks are Effective

• Warning to iPhone and Android Users: 400 Apps Could Leak Data to Hackers

• RTX 4090 can Crack Your Password in 50 Minutes

• Microsoft adds RSS feed support to its Security Update Guide service

• AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group

• Moola Market Reveals $9m Crypto Exploit

• Revelstoke Teams Up With BreachRx, Offering Users Automated Incident Response and Compliance Solutions

• 10398871-1.v2 Zimbra October Update

• The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach

• How Trump’s Two Failed Impeachments Upended Checks and Balances

• Investigation Regarding Misconfigured Microsoft Storage Location

• (ISC)² and the UK Cyber Security Council Professional Standards Pilot Program – What It Means for Members

• New eBook: 4 Steps to Comprehensive Service Account Security

• Germany Fires Cybersecurity Head Over Allegations Of ‘Russia Ties’

• Google Announces KataOS As Security-Focused OS, Leveraging Rust & seL4 Microkernel

• The IG Council is investigating Homeland Security watchdog

• IRS alerts low-income Americans to claim expiring tax credits

• So, the US, China, and Russia walk into an infosec conference

• Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters

• China-Linked Cyber Espionage Team Homes In on Hong Kong Government Orgs

• Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access

• Leaked Police Notes May Have Alerted Cryptoqueen

• WH Intelligence Advisor Previously Vetted Deals For NSO Group

• Hackers Threaten To Release Ransomed Health Data

• USB-C Can Hit 120Gbps With Newly Published USB4 Version 2.0 Spec

• Germany Stands Down Cyber Boss Over Russian Ties

• Gain Control of Rapidly Securing Your Critical APIs Without Worrying About Your Backend Stack

• British Company Kingfisher Insurance Confirms LockBit Attack

• RCS Secure Catches Its Next Big Wave

• A New Solution to the Cybersecurity Skills Gap: Building Security into Operational Teams

• Moola Loses $9.1 Million After Crypto Heist

• Do You Think Businesses Must Do More To Boost Cyber Defences, Says Nadhim Zahawi

• COMMENT: Bulgarian Government Suffers Russian DDoS Attack

• Autralian Wine Dealer Suffers Data Breach, 500,000 Customers May Be Affected

• Client Data Exfiltrated In Advanced NHS cyber Attack

• Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)

• Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

• Big Tech and Legislators are Taking on Cyberflashing

• Apple’s Modest iPad Pro Upgrade, Comes Amid iPad Revamp

• SciLinux: SLSA-2022-6998-1 Important: thunderbird on SL7.x x86_64

• SciLinux: SLSA-2022-6997-1 Important: firefox on SL7.x x86_64

• Beyond Cybersecurity Awareness Month: Achieving identity security all year long

• Bolster Raises $15 Million to Tackle Fakes and Frauds

• WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

• Cybersecurity Awareness Month: 5 Actionable Tips

• China’s Winnti Group Seen Targeting Governments in Sri Lanka, Hong Kong

• GitGuardian Extends Code Security Platform, Adding Infrastructure-as-Code Scanning for Security Misconfigurations

• A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance

• Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware

• The missed link between Ransom Cartel and REvil ransomware gangs

• European Cybersecurity Month: Responding To Ransomware With Speed And Scale, Experts Weigh In

• Tear in Microsoft Azure Service Fabric can give attackers full admin privileges

• TeamTNT Returns – or Does It?

• Improving privacy when browsing web: Alternative browsers and chrome extensions

• Critical RCE Flaw Found in Popular Post-Exploitation Cobalt Strike Toolkit

• Keys to effective security training may lie in behavior science

• This latest Firefox update makes it easier to protect your privacy online

• Passwords still dominate, and are causing headaches for everyone

• The infinite beauty of the hive mind

• RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

• iDealwine suffers a data breach

• How the FBI stumbled in the war on cybercrime

• Google Unveils KataOS ‘Verifiably-Secure’ Operating System for Embedded Devices

• Oracle Releases 370 New Security Patches With October 2022 CPU

• Winnti Threat Group Attacks Government Organizations in Hong Kong and Siri Lanka

• Scammers Are Targeting Student Aid Debt Relief Program, Says FBI

• SUSE: 2022:2601-1 suse/sle-micro/5.1/toolbox Security Update

• SUSE: 2022:2602-1 suse/sle-micro/5.2/toolbox Security Update

• Government officials, including Russia, call for dialogue in combating cybersecurity threats

• Museum Security

• Everything you can do with the Apple Pencil and Logitech Crayon on Your iPad

• Which iPad Is Best for You in 2022?

• Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

• SUSE: 2022:2586-1 bci/nodejs Security Update

• Deadbolt Ransomware Targets NAS Devices

• Illusive expands ITDR to remediate Kerberoastable vulnerabilities

• Sonatype Report Reveals Software Supply Chain Attacks Soar 742% in Three Years

• CIS Benchmarks: Community driven security guidelines

• Intel Slashes Mobileye IPO Valuation To Below $16 Billion

• Why behavioral science could hold the key to effective security awareness training

• Digital Natives Are Undermining Corporate Security – Report

• I am worried: AV-Comparatives tests of Business Security products

• Keystone Health Confirms Data Breach

• openSUSE: 2022:10153-1 important: enlightenment

• openSUSE: 2022:10154-1 moderate: pngcheck

• SUSE: 2022:2561-1 suse/sle-micro/5.3/toolbox Security Update

• #CyberMonth: ENISA Celebrates 10 Years of European Cybersecurity Month with New, Proactive Slogan

• Deadbolt Ransomware Extorts Vendors and Customers

• CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

• 5 Security Mistakes in Fintech and How to Avoid Them

• Debian: DSA-5258-1: squid security update

• Software Supply Chain Attacks Soar 742% in Three Years

• Cyber Security Management System (CSMS) for the Automotive Industry

• Common Cybersecurity Issues That Plague Small Businesses

• Germany stands down cyber boss over Russian ties

• Secure portable operating system Tails 5.5 released

• Black Basta Ransomware Gang Infiltrates Networks Using Penetration Testing Tools

• Ubuntu 5688-1: Libksba vulnerability

• Upgrade your security awareness efforts: Here’s how to start

• DNA Kits given to children in Texas Schools trigger data privacy fears

• Google Chrome Browser Incognito Mode is useless say employees

• Ivanti’s CPO Dr. Srinivas Mukkamala recognized as a 2022 CyberScoop 50 Cybersecurity Visionary

• Fifth Third Bank offers tips to protect yourself and your money

• #ISC2Congress 2022: Empowering the Cyber Community

• Latest Cyberthreats and Advisories – October 7, 2022

• Cobalt Iron Introduces Free Data Protection Maturity Assessment

• Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

• Fines are not enough! Data breach victims want better security

• How to secure microservices using authorization

• #ISC2Congress 2022: Effective Cybersecurity Takes Collaboration

• No work experience? Don’t let that stop you from pursuing a career in cybersecurity

• The biggest concerns within the US Financial Sector in 2022

• Cybersecurity considerations for wearable tech

• Endpoint Detection and Response – you need it on mobile devices too

• Mandiant Breach Analytics empowers enterprises to gain insight on breach activity in IT environments

• Sardine Insights enable companies to prevent fraud and increase access to financial services

• CISOs, rejoice! Security spending is increasing

• The future of MFA is passwordless

• SUSE: 2022:3648-1 important: the Linux Kernel (Live Patch 29 for SLE 15 SP2)

• SUSE: 2022:3650-1 important: libreoffice

• ActionIQ CX Hub for Acquisition Marketing allows advertisers to focus on first-party data

• Oracle’s expanded cloud options enables customers to bring applications and data into the cloud

• Hexagon adds AI capabilities to HxGN Connect to improve public safety

• Mageia 2022-0373: sos security update

• ID.me expands in-person identity verification offerings for public sector

• Fortinet enhances its SASE solution to address shadow IT and data exfiltration challenges

• Security Compass SD Elements 2022.3 allows users to identify software application security threats

• Calix launches Arlo Security to strengthen security for homes and small businesses

• Zscaler unveils data protection innovations to help organizations mitigate security risks

• Toyota Data Breach Exposes Customer Data – What You Can Do to Protect Yourself

• How Card Skimming Disproportionally Affects Those Most In Need

• Mageia 2022-0374: dhcp security update

• Mageia 2022-0375: python-joblib security update

• Mageia 2022-0376: chromium-browser-stable security update

• Mageia 2022-0377: golang security update

• Mageia 2022-0378: firefox security update

• How to Decrypt Ransomware Files – And What to Do When That Fails

• FBI: Looking for Biden’s student loan forgiveness? Watch out for these scams

• Data Collection

• Cervello collaborates with ST Engineering to provide cybersecurity for rail operational networks

• Critical Start enhances security defenses with Palo Alto Networks Cortex XSIAM

• Samsung completes validation of LPDDR5X DRAM at operating speed of 8.5Gbps

• Thermal cameras could help reveal your password

• Fake tractor fraudsters plague online transactions

• Criminal group busted after stealing hundreds of keyless cars

• Warning: “FaceStealer” iOS and Android apps steal your Facebook login

• How to spot a scam

• Vulnerability management isn’t scalable, but bug bounty programs are

• Fully Undetectable PowerShell Backdoor Found by Security Researchers

• Cyber talent still in high demand

• Expel extends its reach in EMEA to address critical cybersecurity needs

• Trulioo strengthens identity verification solutions throughout Latin America

• Obsidian Security forms EMEA CIO Advisory Board and partners with NORMA Cyber

• RedHat: RHSA-2022-7020:01 Important: firefox security update

• RedHat: RHSA-2022-7022:01 Important: firefox security update

• Debian: DSA-5257-1: linux security update

• Is privacy only for the elite? Why Apple’s approach is a marketing advantage

• County cleans up ‘a hot mess’ with cloud-based ERP and HR systems

• Plugging holes remote work punched through security

• Patching-as-a-Service Offers Benefits, Challenges

• IT Security News Daily Summary 2022-10-18

• SUSE: 2022:3637-1 moderate: caasp-release, cri-o, patchinfo, release-notes-caasp, skuba

• SUSE: 2022:3635-1 important: python-waitress

• SUSE: 2022:3628-1 important: the Linux Kernel (Live Patch 1 for SLE 15 SP4)

• How Orca Security uses agentless API scanning to identify multicloud risks

• Mary Davie, longtime federal acquisition leader, to exit government

• Build some flexibility into your cyber learning

• What Is the Difference Between Identity Verification and Authentication?

• Ubuntu 5686-1: Git vulnerabilities

• Ubuntu 5687-1: Linux kernel (Azure) vulnerabilities

• Debian LTS: DLA-3155-1: bcel security update

• Open access networks: ‘A good cheap pipe’ for internet connectivity

• Implementing zero trust for government clouds

• Bolsters Raises $15M to Tackle Fakes and Frauds

• Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees

• Upstart Ransom Cartel linked to REvil veterans

• ‘Fully undetectable’ Windows backdoor gets detected

• AI training bill becomes law

• Python vulnerability highlights open source security woes

• SUSE: 2022:3616-1 moderate: nodejs12

• RedHat: RHSA-2022-6996:01 Important: thunderbird security update

• NSA urges enterprises to watch China, Taiwan tensions

• Vulnerability Summary for the Week of October 10, 2022

• Out with the WAF, in with the WAAP

• Apache Commons Text vulnerability CVE-2022-42889

• Data privacy is expensive — here’s how to manage costs

• Navigating marketing with a focus on data privacy and compliance

• Marketing in the era of data growth and privacy

• Police Dismantled Car Hackers That Exploited Keyless Entry Tech

• SUSE: 2022:3614-1 moderate: nodejs14

• SUSE: 2022:3613-1 important: postgresql-jdbc

• SUSE: 2022:3615-1 important: nodejs16

• SUSE: 2022:3621-1 moderate: rubygem-activesupport-5_1

• SUSE: 2022:3617-1 important: netty

• Compare vulnerability assessment vs. vulnerability management

• Does Customs and Border Protection Have the Legal Authority to Seize Merchandise Made With Forced Uyghur Labor?

• Defenders beware: A case for post-ransomware investigations

• German Cybersecurity Boss Sacked Over Kremlin Connection

• Debian LTS: DLA-3154-1: node-xmldom security update

• Game theory could boost access to EV charging stations

• Are Cybersecurity Vendors Pushing Snake Oil?

• German Cybersecurity Chief Sacked Over Alleged Russia Ties

• Web3: Cybercrime May Come to an End, Here’s How

• Australia’s Medibank Drops After Ransomware Attack in IT Network

• Apple To Deliver Foldable iPad In 2024 – Report

• Student Jailed for Hacking into Email & Snapchat Accounts of Female Classmates

• Zoom for Mac patches sneaky “spy-on-me” bug – update now!

• Zoom Patches High-Severity Flaw in macOS Client

• Treat Essential Security Certificates as Valuable Assets

• Comcast Business Mobile Expands to 20 Lines; New Shared Data Options Available for Small Businesses

• Shield Capital Announces Venture Partners Michael A. Brown and John “JJ” Jack

• Conceal Partners with Virtual Graffiti to Expand into Australia and New Zealand

• #ISC2Congress 2022: Lessons from a Ransomware Attack

• Ubuntu 5685-1: FRR vulnerabilities

• full-disk encryption (FDE)

• Cities and states bristle over proposal to change how they report on finances

• Apple Claims “SIM not Supported” Bug Hits iPhone 14 Series

• Mandiant and SentinelOne Integrate, Enriching XDR with Threat Intelligence

• DirectDefense Names Justin Karnousky Regional Vice President of Sales for Central United States

• Securing the Smart Meter

• Halloween feature: Cheat codes for Cybersecurity and preventing kids from being “tricked”

• 8 Cybersecurity trends to be aware of in 2022/2023

• Most government orgs fail to meet digital transformation objectives, report finds

• OutThink Raises $10 Million for Human Risk Management Platform

• IDA Pro Owner Hex-Rays Acquired by European VC Firm

• Diffie-Hellman key exchange (exponential key exchange)

• HelpSystems Patch Falls Short, RCE Vulnerability in Cobalt Strike Remains

• CISA Releases Two Industrial Control Systems Advisories

• Law enforcement arrested 31 suspects for stealing cars by hacking key fobs

• Delivering consistency and transparency for cloud hardware security

• How Microsoft Purview and Priva help simplify data protection

• The Best Ways Your Business Can Protect Itself Against Cybercrime

• RedHat: RHSA-2022-6991:01 Important: kernel-rt security and bug fix update

• RedHat: RHSA-2022-6985:01 Moderate: nodejs:14 security and bug fix update

• RedHat: RHSA-2022-6983:01 Important: kernel security, bug fix,

• RedHat: RHSA-2022-6963:01 Important: nodejs security update

• SUSE: 2022:3609-1 important: the Linux Kernel

• 2022-10-17 – IcedID (Bokbot) infection with Cobalt Strike

• October 2022 Web Server Survey

• CISA Releases Two Industrial Control Systems Advisories

• I’m in your hypervisor, collecting your evidence

• UK’s Final Decision Orders Meta To Sell Giphy

• Cybersecurity Investment Remains Strong, M&A Activity Heads Toward New Annual Record

• Spyder Loader Malware Deployed Against Hong Kong Organizations

• CISA Offers Free RedEye Analytics Tool for Red Teams

• AutoRABIT Accelerates Release Management Processes with Automation and Key Integrations

• Phishing Mitigation Can Cost Businesses More Than $1M Annually

• Extremist Groups Abuse Tax Exemptions. Here’s What We Can Do About It.

• Indianapolis Housing Agency Seeks Experts’ Help to Identify the Ransomware Attack Operators

• Apple Claims  “SIM not Supported” Bug Hits iPhone 14 Series

• China-linked APT41 group targets Hong Kong with Spyder Loader

• Coinbase Users Scammed Out Of $21 Million In Crypto Sue Company For Negligence

• Ransomware Attack Impacted Some CommonSpirit Sites

• Army Cloud Plan Keys-In On Creating A Zero Trust Architecture

• Ransom Cartel Linked To Colonial Pipeline Attacker REvil

• Australian Insurer Medibank Confirms Ransomware Attack

• Black Basta Ransomware Hackers Use Qakbot to Deploy Brute Ratel C4

• 3-2-1 Backup Strategy: How Does It Work?

• Threat Management and Unified Endpoint Management

• Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders

• Сryptocurrency and Ransomware — The Ultimate Friendship

• RedEye – CISA Developed Open-source Red Team Tool Monitoring C&C Server Activities

• OutThink’s cybersecurity training uses NLP and data to mitigate employee-related risks

• Industrial Cybersecurity Market Expected to Soar in Next Decade

• Australian Health Insurer Medibank Targeted in Cyberattack

• Keystone Health Data Breach Impacts 235,000 Patients

• Mastercard To Bring Crypto Trading Capabilities To Banks

• Putting on the Red Hat

• Mozilla Firefox makes private browsing more accessible to protect user privacy

• Car theft ring used software to steal hundreds of vehicles without the physical key fob, say police

• 5 Best Password Managers (2022): Features, Pricing, and Tips

• Bulgarian Governmental Institutions Hit by DDoS Cyberattack

• (ISC)² Certified in Cybersecurity and CompTIA Security+: How Do They Create a Path to a Career in Cybersecurity?

• Apple iPad Pro With M2 Chip Expected Shortly

• SUSE: 2022:3607-1 important: the Linux Kernel (Live Patch 30 for SLE 15 SP2)

• Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

• What Is Norstrat – Purpose, History, and Services

• Public package repos expose thousands of API security tokens—and they’re active

• New Oracle Alloy enables organizations to become cloud service providers

• Mandiant builds on SIEM, adds threat intelligence for Google Cloud Chronicle Security Operations

• Qatar Spyware

• Prestige Ransomware Targets Organizations in Ukraine and Poland

• Ransom Cartel linked to Colonial Pipeline attacker REvil, says infosec crew

• Booz Allen Completes Acquisition of EverWatch

• Wine Merchant Among Aussie Firms Breached, Exposing Millions

• European Police Catch Suspected Car Hackers

• More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

• Police breaks up criminal ring that hacked keyless systems to steal cars

• Intel Mulls Lower Valuation For Mobileye IPO – Report

• Ankr Becomes First RPC Provider to the Aptos Blockchain

• Critical Apache Commons Text Flaw Compared to Log4Shell, But Not as Widespread

• How the World Will Know If Russia Is Preparing to Launch a Nuclear Attack

• European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars

• Chinese ‘Spyder Loader’ Malware Spotted Targeting Organizations in Hong Kong

• Microsoft Confirms Second Round Of Job Cuts

• SUSE: 2022:2557-1 bci/bci-init Security Update

• SUSE: 2022:2558-1 bci/nodejs Security Update

• SUSE: 2022:2559-1 bci/python Security Update

• What Is Norstrat – Purpose, History, and Services

• Kayne West To Acquire Right-Wing Parler App

• MyDeal Announces Stolen Data from a Recent Data Breach

• German Newspapers Targeted by Ransomware Attack

• RedHat: RHSA-2022-6978:01 Important: kpatch-patch security update

• SUSE: 2022:3606-1 important: the Linux Kernel (Live Patch 24 for SLE 15 SP3)

• Pro-Russia Hackers DDoS Bulgarian Government

• How To Select The Best Contractor Scheduling Apps

• Ever considered using Confidential Computing to beef up cloud data protection?

• 5 Ways Your Website Can Be Infected with Malware

• Ways Smart Door Locks Can Enhance Your Home Security

• Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

• Imagine surviving a wiper attack only for ransomware to scramble your restored files

• Looking for adding new detection technologies in your security products?

• Passwords for kids: How to create and manage them

• CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration

• OutThink’s cybersecurity training uses NLP and data to mitigate employee-related risks

• Japanese giants to offer security-as-a-service for connected cars

• Cops swoop after crooks use wireless keyfob hack to steal cars

• Software Patch Management Policy Best Practices

• Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

• 7 critical steps to defend the healthcare sector against cyber threats

• Ransomware attack halts circulation of newspapers in Germany

• Best Android Smart Phones for Business Environments

• New PHP Malware Distributed as Cracked Microsoft Office Apps, Telegram, & Others

• AI can help you optimize your supply chain

• Deepfakes: What they are and how to spot them

• Exabeam Introduces New-Scale SIEM™

• Vicarius Partners with CISA to Bring Awareness to Software Vulnerabilities for Cybersecurity Awareness Month

• #ISC2CONGRESS 2022: Panel: Why Apprenticeships Matter

• Ransomware – undeniably top of mind

• L3Harris wants to add drone data streams to night vision goggles

• Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

• 5 steps to protect your school from cyberattacks

• For auto dealerships, cybersecurity is more essential than ever

• Product showcase: Scribe platform’s end-to-end software supply chain security

• Exabeam Introduces New-Scale SIEM™

• SUSE: 2022:3605-1 important: the Linux Kernel (Live Patch 2 for SLE 15 SP4)

• DOD looks to update AI workforce contract

• Imprivata extends its digital identity platform to defragment identities across disparate apps

• Exabeam New-Scale SIEM enables security teams to defend against complex threats

• Exabeam Introduces New-Scale SIEM™

• True Security Requires a Holistic Approach

• Dangerous hole in Apache Commons Text – like Log4Shell all over again

• Ex-WSJ reporter says he was framed in elaborate ‘hack-and-smear’ operation

• Exabeam Introduces New-Scale SIEM™

• openSUSE: 2022:10152-1 important: virtualbox

• Accenture and Atlassian join forces to provide clients with enterprise agility solutions

• Microsoft and SANS Institute collaborate to equip security professionals with the necessary expertise

• A week in security (October 10 – 16)

• ngena partners with Versa Network to help enterprises maintain their complex networks

• Kyndryl, Microsoft and Dell Technologies introduce solution to accelerate cloud transformation

Generated on 2022-10-19 23:55:44.877071